3.3. NewSessionTicket Handshake Message
This message is sent by the server during the TLS handshake before
the ChangeCipherSpec message. This message MUST be sent if the
server included a SessionTicket extension in the ServerHello. This
message MUST NOT be sent if the server did not include a
SessionTicket extension in the ServerHello.
Your server is not sending the extension in its ServerHello, but it does later in the handshake. Its TLS implementation appears to be non-conformant.
Are you using OpenSSL? What OpenSSL version is your webserver linked against:
nginx -V
I believe the reason is that cURL, by default, does not enable the SessionTicket extension in its ClientHello message.
But your browser does.
The wrong behavior by your webserver's TLS implementation only occurs in the latter case.
Edit: As @JuergenAuer posted, this post appears to contain the explanation for why it's happening and how you can fix it: